915 Commits

Author SHA1 Message Date
Rob White
3f17e681bb Fix - Path Traversal Attack vulnerability allowed by libmicrohttpd's built-in unescape functionality
Signed-off-by: Rob White <rob@blue-wave.net>
2020-05-06 20:21:22 +01:00
Rob White
40f2ca3ff8 Fix PKG_BUILD_DIR in OpenWrt Makefile
Signed-off-by: Rob White <rob@blue-wave.net>
2020-04-13 20:32:25 +01:00
Rob White
580fcdf66f Merge pull request #5 from openNDS/5.0.0beta
Move wait_for_interface to opennds C code
v5.0.0
2020-04-11 14:46:53 +01:00
Rob White
9f4661e08b Release v5.0.0
Signed-off-by: Rob White <rob@blue-wave.net>
2020-04-11 14:30:58 +01:00
Rob White
80e1d09cb4 Move wait_for_interface to opennds C code
wait_for_interface was in the startup init.d/procd and opennds.service scripts.
Moved to opennds C code.

Signed-off-by: Rob White <rob@blue-wave.net>
2020-04-09 21:53:08 +01:00
Rob White
96635be5bb Merge pull request #4 from openNDS/5.0.0beta
5.0.0beta - more migration updates
2020-04-09 13:47:34 +01:00
Rob White
2cc1f6b32e Change the remote image to the openNDS Github avatar.
Signed-off-by: Rob White <rob@blue-wave.net>
2020-04-09 13:38:27 +01:00
Rob White
40adc10d69 Implement better checks on authmon
1. Only kill our authmon.sh, just in case some other package uses the same name.
2. Check if authmon is running and get its pid.

Signed-off-by: Rob White <rob@blue-wave.net>
2020-04-09 13:38:27 +01:00
Rob White
228c117408 Fix firewall restart script
Signed-off-by: Rob White <rob@blue-wave.net>
2020-04-09 13:38:27 +01:00
Rob White
8d7385c509 Updates to README.md
Signed-off-by: Rob White <rob@blue-wave.net>
2020-04-09 13:38:27 +01:00
Rob White
77277ed39b Merge pull request #3 from openNDS/5.0.0beta
More openNDS renaming, Add new splash image.
2020-04-05 17:04:21 +01:00
Rob White
3d1033d39e More renaming, new splash image.
Signed-off-by: Rob White <rob@blue-wave.net>
2020-04-05 16:53:33 +01:00
Rob White
489ae62e8f Merge pull request #2 from openNDS/5.0.0beta
Fix missing newline (and test Travis config)
2020-04-05 13:15:41 +01:00
Rob White
a6ae3b3a91 Fix missing newline and test Travis
Signed-off-by: Rob White <rob@blue-wave.net>
2020-04-05 13:08:37 +01:00
Rob White
75adc323fb Merge pull request #1 from openNDS/5.0.0beta
Initial Rename and bump to v5.0.0beta
2020-04-05 12:07:54 +01:00
Rob White
18a502720f Rename and bump to v5.0.0beta
Signed-off-by: Rob White <rob@blue-wave.net>
2020-04-05 10:13:10 +01:00
Rob White
b78536aea1 Initial clone from nodogsplash master
Signed-off-by: Rob White <rob@blue-wave.net>
2020-04-05 08:21:01 +01:00
Rob White
4bd2f00166 Merge pull request #541 from nodogsplash/4.5.1beta
Bump to v4.5.1beta
2020-03-03 22:23:45 +00:00
Rob White
7b8d54766a Bump to v4.5.1beta
Signed-off-by: Rob White <rob@blue-wave.net>
2020-03-03 22:20:04 +00:00
Rob White
25468060d7 Merge pull request #540 from nodogsplash/4.5.0beta
Release 4.5.0
2020-03-03 21:49:36 +00:00
Rob White
965cbb8b9d Release 4.5.0
Changelog:
  * Add - Enable https protocol for remote FAS [bluewavenet]
  * Add - trusted devices list to ndsctl json output [bluewavenet]
  * Add - option unescape_callback_enabled [bluewavenet]
  * Add - get_client_token library utility [bluewavenet]
  * Add - utf-8 to PreAuth header [bluewavenet]
  * Add - PreAuth Support for hashed id (hid) if sent by NDS [bluewavenet]
  * Add - library script shebang warning for systems not running Busybox [bluewavenet]
  * Add - htmlentityencode function, encode gatewayname in templated splash page [bluewavenet]
  * Add - htmlentity encode gatewayname on login page (PreAuth) [bluewavenet]
  * Add - Simple customisation of log file location for PreAuth and BinAuth [bluewavenet]
  * Add - option use_outdated_mhd [bluewavenet]
  * Add - url-encode and htmlentity-encode gatewayname on startup [bluewavenet]
  * Add - Allow special characters in username (PreAuth) [bluewavenet]
  * Add - Documentation updates [bluewavenet]
  * Add - Various style and cosmetic updates [bluewavenet]
  * Fix - Change library script shebang to bash in Debian [bluewavenet]
  * Fix - Remove unnecessary characters causing script execution failure in Debian [bluewavenet]
  * Fix - Add missing NULL parameter in MHD_OPTION_UNESCAPE_CALLBACK [skra72] [bluewavenet]
  * Fix - Script failures running on Openwrt 19.07.0 [bluewavenet]
  * Fix - Preauth, status=authenticated [bluewavenet]
  * Fix - Prevent ndsctl from running if called from a Binauth script. [bluewavenet]
  * Fix - Minor changes in Library scripts for better portability [bluewavenet]
  * Fix - Prevent php notices on pedantic php servers [bluewavenet]
  * Fix - broken remote image retrieval (PreAuth) [bluewavenet]
  * Fix - Allow use of "#" in gatewayname [bluewavenet]

Signed-off-by: Rob White <rob@blue-wave.net>
2020-03-03 21:44:05 +00:00
Rob White
fc825f5837 Merge pull request #539 from nodogsplash/4.5.0beta
Set version to 4.5.0beta
2020-03-03 19:50:04 +00:00
Rob White
4649d7505b Documentation updates
Signed-off-by: Rob White <rob@blue-wave.net>
2020-03-03 19:39:37 +00:00
Rob White
6c69d54b22 Set version to 4.5.0beta and include more style updates
Preparing for v4.5.0 release

Signed-off-by: Rob White <rob@blue-wave.net>
2020-03-03 14:28:23 +00:00
Rob White
a7b66956fb Merge pull request #538 from nodogsplash/4.4.1beta
Coding style update - use // for single line comments
2020-03-03 13:47:17 +00:00
Rob White
65a1a38d4f Coding style update - use // for single line comments
Signed-off-by: Rob White <rob@blue-wave.net>
2020-03-03 13:39:07 +00:00
Rob White
d9e4756910 Merge pull request #535 from nodogsplash/4.4.1beta
Tidy up main_loop, removing namespace pollution
2020-03-01 23:31:21 +00:00
Rob White
197f7e1e49 Tidy up main_loop, removing namespace pollution
Signed-off-by: Rob White <rob@blue-wave.net>
2020-03-01 23:24:33 +00:00
Rob White
a7ef01f413 Enable https protocol for remote FAS
Previously a remote FAS could not use https protocol without generating
browser security errors or warnings so NDS enforced use of http.

A new FAS level, fas_secure_enabled = 3 is introduced here.

Level 3 is the same as level 2 except the use of https protocol is
enforced for FAS. In addition, the "authmon" daemon is loaded.

This daemon allows the external FAS, after client verification is complete,
to effectively traverse inbound firewalls and address translation to
achieve NDS authentication without generating browser security warnings
or errors.

A fully functional https fas script is provided (fas-aes-https.php).

Signed-off-by: Rob White <rob@blue-wave.net>
2020-02-29 16:50:07 +00:00
Rob White
3265c836a6 Merge pull request #529 from nodogsplash/4.4.1beta
ndsctl: add trusted devices list to json output.
2020-02-22 15:27:54 +00:00
Rob White
92c12beae7 ndsctl: add trusted devices list to json output.
The ndsctl json command now counts the number of trusted devices and
outputs a list of them in json array format.

Signed-off-by: Rob White <rob@blue-wave.net>
2020-02-22 15:00:57 +00:00
Rob White
aa54541fca Fix comments in config files
Signed-off-by: Rob White <rob@blue-wave.net>
2020-02-17 00:12:38 +00:00
Rob White
0bb8988b8f Merge pull request #525 from nodogsplash/4.4.1beta
Fix: Allow use of "#" and "'" (single quote/asterisk) in gatewayname
2020-02-15 21:24:24 +00:00
Rob White
2a2b3693cc Fix: Allow use of "#" and "'" (single quote/asterisk) in gatewayname
See issue #516

"#" is used as a comment indicator in nodogsplash.conf
This fix allows the character to be present as part of an option value.
If the character occurs at the beginning of the line,
the line will be considered as a comment.

"'" (single quote/asterisk) is used as a uci delimiter.
If this character is required in gatewayname then use the
htmlentity &#39; instead.
The default config files have been updated to reflect this.

The demo preauth scripts have been modified to ensure
gatewayname is properly escaped.


Signed-off-by: Rob White <rob@blue-wave.net>
2020-02-15 15:59:48 +00:00
Rob White
6603d57622 Merge pull request #524 from nodogsplash/4.4.1beta
PreAuth: Fix broken remote image retrieval
2020-02-12 16:08:02 +00:00
Rob White
d834feed21 PreAuth: Fix broken remote image retrieval
Signed-off-by: Rob White <rob@blue-wave.net>
2020-02-12 15:59:00 +00:00
Rob White
af4e5853ad Merge pull request #523 from nodogsplash/4.4.1beta
url-encode gatewayname on startup
2020-02-12 15:45:32 +00:00
Rob White
9a0f67e5be Preauth: Allow special characters in username
Signed-off-by: Rob White <rob@blue-wave.net>
2020-02-12 14:39:24 +00:00
Rob White
2876dbbc7b url-encode gatewayname on startup
Allow special characters in gatewayname to be passed to fas/preauth

Signed-off-by: Rob White <rob@blue-wave.net>
2020-02-12 14:33:04 +00:00
Rob White
f8936e7d2c Add htmlentities "&" and "+"
Signed-off-by: Rob White <rob@blue-wave.net>
2020-02-12 13:07:58 +00:00
Rob White
2f8647793a Merge pull request #522 from nodogsplash/4.4.1beta
Add option use_outdated_mhd
2020-02-12 11:37:23 +00:00
Rob White
beb316166a Shorten MHD version check
Signed-off-by: Rob White <rob@blue-wave.net>
2020-02-10 23:21:53 +00:00
Rob White
15ba5ea4c8 Add option use_outdated_mhd
See issue #515

MHD_get_version is used to determine the installed (runtime) version of
libmicrohttpd (MHD).
If the version is earlier than 0.9.69, then by default, NDS will terminate.

However, if option use_outdated_mhd is set to 1, NDS starts normally
but logs an error.

Signed-off-by: Rob White <rob@blue-wave.net>
2020-02-10 20:58:40 +00:00
Rob White
cfe13c7362 Merge pull request #519 from nodogsplash/4.4.1beta
Htmlencode gatewayname at startup and cosmetic updates
2020-02-08 01:15:44 +00:00
Rob White
dd3d33cbc8 Encode gatewayname at startup
Reduces overhead slightly for templated splash page

Signed-off-by: Rob White <rob@blue-wave.net>
2020-02-08 00:58:51 +00:00
Rob White
d9f8d9fe8c Minor cosmetic fixes
Signed-off-by: Rob White <rob@blue-wave.net>
2020-02-08 00:58:51 +00:00
Rob White
d28a80fbff Remove unused constant, multiple cosmetic improvements
Signed-off-by: Rob White <rob@blue-wave.net>
2020-02-08 00:58:51 +00:00
Rob White
73bcc0e7e4 FAS: Prevent php notices on pedantic php servers
Signed-off-by: Rob White <rob@blue-wave.net>
2020-02-08 00:58:51 +00:00
Rob White
5ec9e8bec4 Merge pull request #517 from nodogsplash/4.4.1beta
4.4.1beta Enhancements and bug fixes
2020-02-07 23:06:17 +00:00
Rob White
df705bbd79 PreAuth and BinAuth: Add simple customisation of log file location.
The log file location is now determined by simply setting the variables
mountpoint, logdir and logname in the PreAuth and BinAuth examples.

The default is to use mountpoint /tmp with /run suggested for Raspbian.
These default locations are both tmpfs so protect system flash from wear
but will not survive a reboot.

More suitable storage can be chosen for a production system (e.g. USB stick).

The log file size is limited by a simple algorithm that takes into account
other usage of the storage:
F=available space
L=logsize
R=Ratio of available to log size
C=capacity, storage size less other non log usage
This gives two equations.
R=F/L
C=F+L
Solving for L:
L=C/(R+1)
If the minimum value of R is 10
then L(max)=(F(current)+L(current))/11

Signed-off-by: Rob White <rob@blue-wave.net>
2020-02-05 19:41:50 +00:00